Corporate Partners

Top IT Security Bloggers

  • Payday Loan Network Sold Info to Scammers

    Krebs on Security
    The Federal Trade Commission announced this week it is suing a consumer data broker that sold payday loan application data to scammers who used the information to pull money out consumer bank accounts. The scam brings to mind an underground identity theft service I wrote about in 2012 that was gathering its data from a network of payday loan sites.
  • Last Minute Cybersecurity Predictions for 2015

    Network World - Networking Nuggets and Security Snippets
    By now, every vendor, analyst, and media outlet has already published their cybersecurity predictions for 2015.  I actually described some of mine on a Co3 webinar with Bruce Schneier last week so I thought I’d put together a quick list.  Here are ten predictions in no particular order.
    Widespread impact from the cybersecurity skills shortage.  Demand will exceed supply for cybersecurity professionals leading to salary inflation.  CISOs who can’t hire the right talent will have no choice but to look for help from MSSPs and security SaaS vendors.  As a result, 2015 will be another boom year for all types of security service providers on all types.  See my recent blog for more details. 
    Expanding attack surface.  While most attacks will still center on Windows PC, browsers, and common applications, sophisticated cyber-adversaries will start to poke around with hacks for mobile devices, cloud applications, IoT, Macs, and Linux.  The industry will pitch individual threat management tools for each of these threat vectors but CISOs should avoid the point tools trap and create an expansive all-inclusive strategy to safeguard the growing attack surface.
    Health care heartache.  Cyber-criminals need new industry targets as the return on credit card theft is steadily decreasing.  Health care industry beware – you are the next mark.  Look for hackers to launch attacks on major hospital groups and health care insurance providers throughout 2015.
    Mobile payment popularity and vulnerability.  Led my Apple Pay, mobile payment will take off in 2015, leading cyber-criminals to focus on vulnerable software, devices, and protocols.  I expect an explosion of Near Field Communications (NFC) hacks by next summer.
    Peace out, passwords.  Closely related to mobile payment, consumers will become more and more comfortable with smartphone-based authentication and biometrics in 2015.  Apple has the lead but the recently published FIDO 1.0 specification will bring similar functionality to Android and Windows phones as well.  By the end of 2015, many enterprises will start to explore ways to integrate mobile phone-based authentication into their IAM infrastructure.  On a related note, CISOs will get much more involved in IAM decisions next year as IAM assumes the role of a security perimeter for cloud, mobile, and internal IT assets. 
    Beyond AV.  The endpoint security market has been a cozy oligopoly for many years, dominated by 5 AV vendors:  Kaspersky, McAfee, Sophos, Symantec, and Trend Micro.  This exclusive club is now being invaded by a slew of newbies including Bit9, Bromium, Cisco, Confer, Digital Guardian, FireEye, Guidance Software, Hexis Cyber Solutions, IBM, Malwarebytes, Palo Alto, RSA, Triumfant, and Webroot.  Why?  Security pros realize that AV alone isn’t enough so they are adding advanced anti-malware layers and/or endpoint forensic software.  By the end of 2015, at least one vendor will exhibit extreme chutzpah by telling customers to abandon AV altogether and redistribute legacy endpoint dollars at new types of tools. 
    Washington Cybersecurity Wannabes.  Get ready for a steady diet of bellicose cybersecurity rhetoric when congress returns from vacation.  This is likely because of the Sony breach and the other GOP’s majority in the house and Senate.  We may see unprecedented funding of cybersecurity education programs (good stuff), tax breaks for private sector cybersecurity investments (good stuff), and a ton of other Pork Barrel cyber programs (wasteful stuff).  By the end of 2015, someone or some group will step up to become a cybersecurity watchdog for billions of dollars in federal funding (note:  This could be me).
    Enterprise Security Co.  Enterprise security based upon an army of point tools, manual processes, and limited IT visibility doesn’t work.  CISOs recognize this and are now looking to build an integrated, scalable, enterprise security architecture.  Think ERP (SAP) as a replacement for departmental apps in the 1990s.  Which vendors can address this burgeoning enterprise security requirement?  Leading candidates:  Cisco, McAfee, IBM.  Fast followers:  Check Point, FireEye, Fortinet, HP, Palo Alto Networks, RSA, Symantec, and Trend Micro.  Others?
    Security Analytics Maturity.  Most of the enterprise organizations I speak with are collecting, processing, and analyzing a heck of a lot more security data today than in the past.  What kind of security data?  Logs, packets, threat intelligence, endpoint forensics, IAM data – you name it.  We are passing from the age of SIEM to a much broader and more holistic security analytics era.  A market free-for-all will ensue as startups, service providers, and established vendors (i.e. AlienVault, Arbor Networks, Dell, LogRhythm, Narus, Splunk, etc.) vie for big security analytics projects.  Look for vendors to highlight hybrid cloud offerings, massive threat intelligence integration, remediation automation, and visual analytics capabilities next year.
    Cybersecurity Intelligence Intelligence.  Speaking of security analytics, 2015 will be a big year for cybersecurity intelligence, driven by the eventual passing of the Cybersecurity Intelligence Sharing Act (CISA), and momentum around FS-ISAC’s Avalanche and Soltra.  On the enterprise side, CISOs want to rationalize their threat intelligence consumption, use, and integration while figuring out which threat intelligence feeds are really worthwhile and which are simply redundant information.  Vendors will remain in the evangelical selling phase, but innovators like BitSight, iSight Partners, Norse, Vorstack, and ThreatStream with unique information or advanced integration should do well.  OpenIOC, STIX, TAXII, and other cybersecurity standards are bound to come along on this ride. 

    I could go on for a while longer but these are the ten that came to mind.  I hope you find them useful AND entertaining.To read this article in full or to leave a comment, please click here
  • Apple rolls out OS X patch to protect against critical NTP security flaw

    Graham Cluley
    Just when you imagined it was safe to relax for the holidays, another serious bug is found on the internet. Read more in my article on the Intego Mac Security blog.
  • SSCC 178 - Are we there yet? [PODCAST]

    Sophos - Naked Security
    Here's the latest episode of our weekly security podcast.

    Enjoy...and "Happy Holidays," whether you're away on vacation yourself, or a sysadmin enjoying the time when everyone else is on vacation!
  • The Case for N. Korea’s Role in Sony Hack

    Krebs on Security
    There are still many unanswered questions about the recent attack on Sony Pictures Entertainment, such as how the attackers broke in, how long they were inside Sony's network, whether they had inside help, and how the attackers managed to steal terabytes of data without notice. To date, a sizable number of readers remain unconvinced about the one conclusion that many security experts and the U.S. government now agree upon: The North Korea was to blame. This post examines some compelling evidence from past such attacks that has helped inform that conclusion.
  • MBR Wiper Attacks Strike Korean Power Plant

    Trend Micro - Security Intelligence
    In recent weeks, a major Korean electric utility has been affected by destructive malware, which was designed to wipe the master boot records (MBRs) of affected systems. It is believed that this MBR wiper arrived at the target systems in part via a vulnerability in the Hangul Word Processor (HWP), a commonly used application in South […]Post from: Trendlabs Security Intelligence Blog - by Trend MicroMBR Wiper Attacks Strike Korean Power Plant
  • MBR Wiper Attacks Strike Korean Power Plant

    TrendLabs - Malware Blog
    In recent weeks, a major Korean electric utility has been affected by destructive malware, which was designed to wipe the master boot records (MBRs) of affected systems. It is believed that this MBR wiper arrived at the target systems in part via a vulnerability in the Hangul Word Processor (HWP), a commonly used application in South […]Post from: Trendlabs Security Intelligence Blog - by Trend MicroMBR Wiper Attacks Strike Korean Power Plant
  • German steel works suffered “massive damage” after hack attack

    Graham Cluley
    Hackers who compromised a German steel works inflicted serious damage on one of its blast furnaces, according to a newly released report. Read more in my article on the Lumension Optimal Security blog.
  • Patches Not Cure-all for Shellshock

    Trend Micro - Security Intelligence
    Earlier this year, Linux system administrators all over the world had to deal with the Shellshock vulnerability, which could lead to malicious code being run on Linux systems. Servers running various web services were at particular risk. By now, most major distributions have been able to release patches that upgraded the vulnerable bash shell to versions not affected […]Post from: Trendlabs Security Intelligence Blog - by Trend MicroPatches Not Cure-all for Shellshock
  • Patches Not Cure-all for Shellshock

    TrendLabs - Malware Blog
    Earlier this year, Linux system administrators all over the world had to deal with the Shellshock vulnerability, which could lead to malicious code being run on Linux systems. Servers running various web services were at particular risk. By now, most major distributions have been able to release patches that upgraded the vulnerable bash shell to versions not affected […]Post from: Trendlabs Security Intelligence Blog - by Trend MicroPatches Not Cure-all for Shellshock

Editor's Recommendations

Solution Centres

Events

View all events Submit your own security event

Blog Posts

Media Release

More media release

Market Place